658493f2e3f311d97774f58ebdcd6556_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

658493f2e3f311d97774f58ebdcd6556_JaffaCakes118
Size

44KB
MD5

658493f2e3f311d97774f58ebdcd6556
SHA1

f755258e1506dee68f8b9ec56851e4d0aeb6c366
SHA256

fd9316a6be1d054d28f5454fdf32859e8e0454c358852b032f493dca87905d31
SHA512

aa858279859da428c7200f626dda6ac1926d7398cd172cf5c3a383f8f0a894baf2630d95183414504a02a51f0f0a5b9daeebac36ef61588938c810d18c3be317
SSDEEP

768:LvotgYh/c3LhSIIBt0d7rZ7Hn627SfT886YA5Sh:74goltE7rxH622Lt6YA5Sh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
658493f2e3f311d97774f58ebdcd6556_JaffaCakes118

Files

658493f2e3f311d97774f58ebdcd6556_JaffaCakes118
.dll windows:1 windows x86 arch:x86

9ddbbefc07fd85ed53d494266bc5ca14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3230mt

_strcat
@__lockDebuggerData$qv
_abort
__startupd
_remove
_memset
__ExceptionHandler
_fgets
_memcpy
_fopen
_fclose
_strcpy
_strlen
__setargv
__ftol
__exitargv
__flushall
_atof
__argv
___debuggerDisableTerminateCallback
__argc
_getdate
__free_heaps
@__unlockDebuggerData$qv
__ErrorMessage
_sprintf
@_CatchCleanup$qv
_strrchr

kernel32

GetProfileStringA
lstrlenA
lstrcpyA
_lread
GetModuleHandleA
_lopen
_lclose
WriteProfileStringA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
Sleep
OutputDebugStringA
LocalFree
LocalAlloc
GetVersion

ishctl32

SetDlgItemDate
FileLength
rtrim
readGenericRecord
MyGetTempFileName
mystrtok
addGenericRecord
IshCtl32Init
_mysprintf
_MyDebug
GetDlgItemDate

ishgdb

FreeDBC
GetDBC

user32

SetFocus
SetDlgItemTextA
SetCursor
SendMessageA
MessageBoxA
LoadCursorA
IsDlgButtonChecked
GetNextDlgTabItem
GetFocus
GetDlgItemTextA
GetDlgItem
GetAsyncKeyState
EndDialog
DialogBoxParamA

gdi32

SetTextColor
SetBkColor

comdlg32

GetOpenFileNameA

Exports

Exports

GetIsxHandler
ISH32ExSayimDlgHandler
IshStokDevirFisiDlgProc
IshStokSayDlgProc
UnloadIsxHandler
__DebuggerHookData

Sections

CODE
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ddbbefc07fd85ed53d494266bc5ca14

Headers

File Characteristics

Imports

cw3230mt

kernel32

ishctl32

ishgdb

user32

gdi32

comdlg32

Exports

Exports

Sections

CODE Size: 13KB - Virtual size: 16KB

DATA Size: 3KB - Virtual size: 12KB

TLS Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.rsrc Size: 19KB - Virtual size: 20KB

CODE
Size: 13KB - Virtual size: 16KB

DATA
Size: 3KB - Virtual size: 12KB

TLS
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 19KB - Virtual size: 20KB